Harden security: bookmark auth, CSP headers, per-session CSRF, and more
- Bookmark endpoint now requires a secret token (stored in settings) - Style reset moved from GET to POST with CSRF protection - Open redirect prevention in _redirect() helper - Import capped at 100 URLs to prevent abuse - page_tags cleaned up on delete + PRAGMA foreign_keys enabled - CSP, X-Frame-Options, X-Content-Type-Options on all responses - CSRF tokens now per-session via double-submit cookie pattern - Tag names URL-decoded for special characters - Gateway forwards cookies in request data Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Derick Phan
parent
9ddecf71db
commit
d5f2d01651
3 changed files with 83 additions and 11 deletions
11
gateway.py
11
gateway.py
|
|
@ -75,11 +75,22 @@ class GatewayHandler(BaseHTTPRequestHandler):
|
|||
raw = self.rfile.read(length).decode()
|
||||
body = parse_qs(raw)
|
||||
|
||||
# Parse cookies
|
||||
cookies = {}
|
||||
cookie_header = self.headers.get("Cookie", "")
|
||||
if cookie_header:
|
||||
for part in cookie_header.split(";"):
|
||||
part = part.strip()
|
||||
if "=" in part:
|
||||
k, v = part.split("=", 1)
|
||||
cookies[k.strip()] = v.strip()
|
||||
|
||||
request_data = {
|
||||
"method": method,
|
||||
"path": parsed.path,
|
||||
"query": query,
|
||||
"body": body,
|
||||
"cookies": cookies,
|
||||
"gateway_host": self.headers.get("Host", f"localhost:{GATEWAY_PORT}"),
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue